Ummanu Health website Privacy Notice
Ummanu is a technology company providing a telemedicine platform focused on remote
consultations between clinicians and patients. Our telemedicine solutions allow clinicians to conduct
remote visits with their patients outside the hospital or clinic setting (normally at their home), as
well as potentially expand their reach to new patients outside their existing patient list.
This notice applies to individuals in the United Kingdom (UK) and European Economic Area (EEA)
and/or who are in scope of UK and EU General Data Protection Regulation (GDPR) and other local
data protection laws such as UK Privacy and Electronic Communication Regulations (PECR). PECR
requirements are specified within the Cookies policy.
For some purposes, Ummanu Health Limited is a Controller and our contact details are:
Where Ummanu Health Limited is a Controller, we will only use the minimum necessary personal
data for that purpose.
For other purposes, in particular for those who are receiving treatment from or are a clinician of a
healthcare provider which will have access to the Ummanu Health system, Ummanu Health is a
Processor and the healthcare providers are Controllers.
The Controller’s lawful basis and special category data exemption for each purpose are included
within the following table:
|Purpose||Types of data||Lawful basis||Retention||Ummanu Health is a controller or processor|
|Patient information||Full name, I.D number, gender, date of birth, e- mail, phone number, date and time user logged in, IP address, operating systems, user type, history (messages and calls) and roles||Article 6(1)(e) public task or (f) legitimate interest and Article 2(2)(h) medical purpose||8 years||Processor|
|During visit information||Call recording, clinician number, photo uploads, digital signature||Article 6(1)(e) public task or (f) legitimate interest and Article 2(2)(h) medical purpose||8 years||Processor|
|Follow-up visit information||Appointment summary- medical information and Prescriptions-medical information||Article 6(1)(e) public task or (f) legitimate interest and Article 2(2)(h) medical purpose||8 years||Processor|
|Long term information||Patient details- what was given, call recording, appointment summary, prescriptions||Article 6(1)(e) public task or (f) legitimate interest and Article 2(2)(h) medical purpose||8 years||Processor|
|Additional admin information||Patient platform, time and date of service request appointment status||Article 6(1)(e) Public task or (f) legitimate interest and Article 2(2)(h) medical purpose||8 years||Processor|
|Marketing of products and services, invitation to events, networking (potential clients and suppliers)||Name, email address, telephone number, organisation, job title.||Article 6(1)(a) consent.||2 years from last contact||Controller|
|Provide information in relation to new services offered by Ummanu Health Ltd as an existing client or potential new client, or to invite clients to participate in service development activities, advertisement. (Individual’s registering interest and mail list subscribers)||Name, contact details||Article 6(1)(f) legitimate interest||3 years||Controller|
|Collect analytics to understand user numbers accessing website (All individuals access social media platforms that click on our adverts)||IP address, device address, time of day, length of time, what screens are visited||Article 6(1)(f) legitimate interest||1 year||Controller|
Where Ummanu Health Limited rely on Article 6(1)(f), our legitimate interests are as follows:
Marketing our products, services and research.
Your data protection rights
With reference to the table above, where Ummanu Health Limited is a Controller, GDPR allows
various rights for people whose data is being processed. The rights are not absolute and so
sometimes do not apply. Where you wish to exercise any of your rights, you may do so free of
charge (unless in specific circumstances, where you will be informed in advance) by contacting us at
firstname.lastname@example.org. We will respond within one month.
Please note where Ummanu Health Limited is a Processor, you should approach the organization
Details of the rights within UK and EU GDPR are below. You will be informed if the right is available
to you upon application:
|Access GDPR Article 15||You may request a copy of the data held by us about you.|
|Rectification GDPR Article 16||If you think the data held by us is wrong and you may request that it is corrected.|
|Erasure (Right to be forgotten) GDPR Article 17||You can request that your data is deleted by us.|
|Restriction GDPR Article 18||There are circumstances in which you may ask us to stop processing your data but we must otherwise keep the data. For example, where required by law.|
|Portability GDPR Article 19||You can ask for a copy of your data in a format that can be readily transferred to another company.|
|Objection GDPR Article 20||You can object to the processing of your personal data when we are relying on a legal obligation or public duty legal basis or where we are processing in our legitimate interest, especially for direct marketing.|
|Automated decisions GDPR Article 22||Where a computer makes a decision about you without a human intervention, for example if an online loan application, you have the right to know how the decision was arrived at.|
Ummanu Health is based in Israel, which have similar levels of protection to the UK and EU. Your
personal data will be transferred to Israel, but there will not be any further transfers outside of the
United Kingdom or the European Economic Area (EEA).
Categories of recipients who will access to your personal data will be our marketing and branding
suppliers who conduct and manage our marketing campaigns. The data will also be handled by
internal Ummanu Health employees who manage these business operations.
Other categories of recipients who will have access to your personal data will be your healthcare
professional and authorized Ummanu Health employees to carry out administration and maintenance on Ummanu Health’s system, however, for this purpose, Ummanu Health will have
limited access to your identifiable data.
If you have any complaints regarding our use of personal data, please contact us by one of the above
means. In the event we cannot resolve your complaint, you have the right to complain here.
However, we would appreciate the chance to deal with your concerns before you approach the
authority so please contact us in the first instance